attempted hack

im getting hundreds of intrusion alerts come up, a few days ago i noticed a new network connection come up! this is the first time this has happend so i was a bit freaked out.

& unplugged from the net, i went into my comodo network zones to see a strange ip.

now this is were i got a little confused so i uninstalled & reinstall the fire wall & a day later iy happend agane.
this time i went in to my blocked network zones & blocked the ip… so far so good! this is were i got confused.

when i went into my network zone the ip was still there? i assumed that comodo would remove the ip from there. so was not sure the ip was blocked.

i unplugged from the net one more time uninstall comodo & reinstalled it.

then i thought a bit more about it may be it dose not remove the ip from my network zone.
( so i read the help page in my blocked network & having made a note of the ip put it into block it!!

was that the right thing to do?? but im still getting lots of intrusion attempts… sorry its a bit long winded it just a chimp when it comes to theses things…

What was the IP of the new network zone?

If it was something like 169.X.X.X this can be caused by either a failed attempt to get a DHCP address or by plugging in a PDA (or similar device).

Ewen :slight_smile:

tx for the reply, yes it was 169.x.x.x.x is it a hack attempt? as i sit here it up to 600ish intrusion attempts…

Those addresses are assigned to a network interface when there is A) a failed attmept to get an IP address from a DHCP server or B) used to connecet PDA’s.

Do you connect wirelessly to a router? Do you also have internet connection dropouts?

Ewen :slight_smile:

no i just use a cable modem & no iv had no internet connection drop outs.

so i should allow it access to my network!?? & put in the ip in my network zones??

The golden rule I live by is if I don’t know it, I don’t allow it.

If you are directly connected to a modem and do not connect any devices to your PC that could request and fail to get an IP address, then I wouldn’t add this unknown address to your network zones.

Can you post an extract of your firewall logs or post in greater detail.

In the interim, I’d block this attempted conneciton.

Ewen :slight_smile:

is this of any help…

have you had a chance to look at the log yet m8…

The link you provided doesn’t go anywhere. I notiuced that it’s a link to a BMP file, which I assume was a screenshot of your logs. I actually wanted you to exportthem to a file so we could see everything in the logs.

you can export your logs by clicking FIREWALL - VIEW FIREWALL EVENTS - MORE. This will open the log viewer window. In the log viewer, click FILE - EXPORT TO HTML - FIREWALL LOGS. This will aloow you to save the logs as a HTML file. ZIP this file and attach it to a reply.

Ewen :slight_smile:

tx for your time (:KWL)

[attachment deleted by admin]


Firstly, I couldn’t find any mention of an address in the 169.X.X.X range anywhere in your logs.

Next, the entries regarding relate to the network connection between your PC/modem and your ISP. These should be allowed.

Am I correct in thinking your ISP is BigPond?

Also, have you been having problems paying COD4 over the net?

Ewen :slight_smile:

the 169.x.x.x.x ip was the ip that managed to get connected to my network.
that was last week.
the logs i think were just of monday to show what was going on, as for cod4 i noticed that in the logs but have had no problems playing online.
ie… no drop outs but now & again the firewall pops up saying cod4 is trying to modify some thing.
could be the stats that are held client side!! so i allowed it.
as for my ip is NOT BIGPOND but virgin media…
so do i put the ip in my network zones???

iv added a zip of this months logs!! sorry maybe i should have done that to start with.

[attachment deleted by admin]